This application relates to computer networks, and more particularly to security systems on networked computers.
Background: Computer System Theft and Security
Theft of computer-related equipment and parts is a major source of lost revenue for businesses and individuals, and will continue to rise unless businesses can employ a more secure method for reducing the value of gray-market computer components.
Theft of small, high-dollar components is relatively easy and attractive. For example, the dollar value per cubic foot is high for such components as high-density memory modules, microprocessors, advanced graphics cards, and hard disks. The need for efficient manufacturing means that handling cannot be totally secure. Thus, losses due to theft are a persistent concern. The increasing use of Plug-and-Play and hot-swapping component architectures has made component theft increasingly convenient for thieves.
Due to the constant miniaturization of computer systems, virtually all current portable computer systems can easily be picked up and carried away, and very easily hidden in a briefcase or other container. Because of this, theft of portable computer systems has also become a great problem. One particular concern with regard to the theft of entire systems is the security of the contents of the computer hard drive. Since the value of the information stored on a computer is often much greater than that of the computer itself, it is increasingly important to find ways to disable computer systems after they have been stolen. If the computer is disabled, it is much less likely that any confidential information will be revealed, and a disabled computer system is much less attractive to thieves.
Also, a personal computer system can currently be physically removed from a network and will continue to operate. The user may have to reinstall or reconfigure the unit and operating system, but there is nothing to prevent the unit from being stolen or removed from the owner's location and computer network.
Currently, theft deterrent systems typically consist of a lock, which physically attaches the computer chassis to a desk or other immovable object to prevent its removal. The computer case can also be locked to prevent unauthorized removal of components.
Today there is no theft deterrent which renders the unit useless if it is stolen. A padlock or a case lock does not lock the actual electronics of the motherboard. Therefore, if a thief takes the time to circumvent the physical locks, or if no locks are present, then the thief ends up with a perfectly usable computer system.
Background: Computer Passwords
Current computer systems may include both user and administrator password security mechanisms. These mechanisms can prevent unauthorized access to the system, to configuration management utilities, or to different system devices and I/O ports. However, these passwords reside on a local system and are difficult to manage by the administrators. Users forget their passwords and cannot get into their units anymore.
Also, if an administrator leaves the company, all administrator passwords that were set on all individual machines must be changed to prevent the previous administrator from sabotaging the network and the units.
Today, users can set Power-On-Passwords on their local machine. The power-on-password prevents an unauthorized user from gaining access to the unit. An administrator can also set a Setup Password on the local machine to supersede the user password or provide a higher level of security. The Setup Password also prevents users from gaining access to configuration utility functionality and modifying their hardware settings.
Disadvantages of Current Password Systems
There are several significant disadvantages to present password security methods. Removing the CMOS battery from the system can defeat setup and power-on passwords. Also, because these passwords currently reside on the local machine, they are difficult to manage. There are some tools today which allow an administrator to change the passwords on several machines on the network. However, these tools still require that a machine list be maintained, and that the administrator purchase expensive network management tools to administer the units.
Background: Digital Signatures
Digital signatures are used to provide message authentication. The sender, for example a software vendor or system administrator, uses his own private key to encrypt a "message digest," thereby "signing" the message. A message digest is a cryptographically strong one-way hash function. It is somewhat analogous to a "checksum" or CRC error checking code, in that it compactly represents the message and is used to detect changes in the message. Unlike a CRC, however, it is computationally infeasible for an attacker to devise a substitute message that would produce an identical message digest. The message digest gets encrypted by the sender's private key, creating a digital signature of the message. Various digital signature standards have been proposed, such as SHA2 or CMD5.
The recipient can verify the digital signature by using the sender's public key to decrypt it. This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else, because the sender alone possesses the private key that made that signature. Forgery of a signed message is infeasible, and the sender cannot later disavow his signature.
These two processes (encryption and digital signatures) can be combined to provide both privacy and authentication by first signing a message with the sender's private key, then encrypting the signed message with the recipient's public key. The recipient reverses these steps by first decrypting the message with his own private key, then checking the enclosed signature with the sender's public key. In this way, the encrypted message cannot be read by anyone but the recipient, and it can only have been created by the sender.
Further background on digital signatures can be found, for example, in the following books, all of which are hereby incorporated by reference: Pfitzman, Digital Signature Schemes (1996); Grant, Understanding Digital Signature (1997).
Background: BIOS Functions
A Basic Input/Output System (BIOS) memory is a memory (typically small) which stores the basic software to provide for initial system setup and configuration, including a Power-On Self Test, and allows the system to load and execute subsequent programs. This configuration software must be available to the system when it is first started, so the BIOS memory must be non-volatile.
It is important to note that the BIOS system is loaded before any other programs, and that the computer system must complete the BIOS load process before any other operations can be performed by the computer. Since this is the case, if the system is shut down by the BIOS software, because of system error or otherwise, the computer system is effectively disabled.
Innovative Security Systems and Methods
This application discloses a new method and hardware security mechanism for portable or desktop computer systems. According to the disclosed method, when a computer system is started, it first verifies that it is connected to an authorized network. If it is, it then requires a username and password from the operator, and verifies these over the network. After verifying the network and user, the system completes its boot process and thereafter operates normally; if the network is not present or an incorrect user/password combination is entered, the system is disabled. This technique allows administrators to manage passwords more easily by managing them centrally on a network rather than on an individual system. Further, each individual machine interacts with the network to allow the system administrator to lock down the hardware features without having any local, hardware-based password mechanisms, and prevents the system from operating at all if it is not connected to the network.
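The two-stage boot gate described above, as an added example that is not part of this application: the BIOS proves it is on an authorized network by having the network sign a fresh challenge with a private key whose public half is assumed to be embedded in the BIOS image (Ed25519 is assumed as the signature scheme), and only then checks the operator's username and password against a central directory, which is constructed here as an in-memory map.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
)

// BootResult is the outcome of the BIOS-resident gate described above.
type BootResult int
const (
	Disabled    BootResult = iota // no authorized network, or bad user/password
	Operational                   // both checks passed; normal boot continues
)

// Directory stands in for the central password store on the authorized
// network (constructed for this example; a real store would use a slow, salted KDF).
type Directory map[string][32]byte
func digest(user, pass string) [32]byte { return sha256.Sum256([]byte(user + ":" + pass)) }
func (d Directory) Add(user, pass string) { d[user] = digest(user, pass) }

// CheckUser is the "verify username/password over the network" step.
func (d Directory) CheckUser(user, pass string) bool {
	want, ok := d[user]
	got := digest(user, pass)
	return ok && subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// BootGate models the BIOS check. TrustedKey is the authorized network's
// public key, assumed to be embedded in the BIOS image.
type BootGate struct{ TrustedKey ed25519.PublicKey }

// VerifyNetwork: the BIOS issues a fresh challenge and the network must return it
// signed by the private key matching TrustedKey. A foreign network, or none, cannot.
func (g BootGate) VerifyNetwork(challenge, sig []byte) bool {
	return ed25519.Verify(g.TrustedKey, challenge, sig)
}

// Boot applies the two checks in the order the method prescribes.
func (g BootGate) Boot(challenge, sig []byte, dir Directory, user, pass string) BootResult {
	if !g.VerifyNetwork(challenge, sig) {
		return Disabled // not on an authorized network: halt before the OS loads
	}
	if !dir.CheckUser(user, pass) {
		return Disabled
	}
	return Operational
}
```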
The disclosed embodiments provide many specific advantages, which include:
Increased security of each node system by requiring a network to be present.
Increased security of each node system by requiring that it operate on a specific network or set of networks.
Increased security of each node system by requiring that login information be entered before the system is operable.
More efficient system administration by allowing user access to specific nodes to be centrally administered.